The blunder cost EDA nearly $3 million last year, wiping out about half of the agency’s IT budget.

How did such a mistake happen? Poor communication, bad decision-making, email blunders, and a serious misunderstanding of what malware can do.

EDA’s chief technology officer ordered the equipment destroyed after being told by the Department of Commerce’s cyber incident response team that 146 out of 250 systems on the department’s network had been hit by a large-scale malware cyber-attack.

It turned out this number was way off—only two computers actually had a virus.

But that doesn’t explain why the agency’s top IT official thought it was necessary to not only destroy all the computers, but also discard keyboards, monitors, mice, cameras and even televisions—when such equipment isn’t vulnerable to malware.